Security Issues for Crowd Server and Crowd Data Center

by GLiNTECH

Atlassian has announced that Crowd Server and Crowd Data Center, might be at risk after a series of security issues were detected. Below you will find information on each of the security issues identified by Atlassian, as well as confirmation as to whether or not you and your versions are affected.

Summary of Vulnerability

Atlassian disclosed a critical severity security vulnerability which was introduced in version 2.1.0 of Crowd and Crowd Data Center. Versions of Crowd and Crowd Data Center starting with these versions are affected:

All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

What Atlassian advises you to do

Atlassian recommends that you upgrade to the latest version. For a full description of the latest version of Crowd, see the release notes. You can download the latest version of Crowd from the download Center.